Sometimes syslog-ng seems to misbehave: it does not send logs, it does not start, or in an extreme case it crashes.
Is it a real syslog-ng bug or not?
First of all, syslog-ng has a lot of parameters for debugging:
root# syslog-ng --help-all
-F, --foreground Do not go into the background after initialization
-v, --verbose Be a bit more verbose
-d, --debug Enable debug messages
-t, --trace Enable trace messages
-e, --stderr Log messages to stderr
-s, --syntax-only Only read and parse config file
For example:
root# syslog-ng -F
WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please update your configuration;
Error resolving reference; content='source', name='_src', location='/etc/syslog-ng/conf.d/iptables.conf:3:7'
root# cat /etc/syslog-ng/conf.d/iptables.conf
destination iptables { file("/var/log/iptables.log" owner("user") group("adm") perm(0644)); };
filter iptables { facility(kern) and match("IN=") and match("OUT="); };
log { source(_src); filter(iptables); destination(iptables); };
So what is missing? The 's' in name='_src': the log statement references source(_src), but the source is named s_src. The syntax should look like this:
cat /etc/syslog-ng/conf.d/iptables.conf
destination iptables { file("/var/log/iptables.log" owner("aryps") group("adm") perm(0644)); };
filter iptables { facility(kern) and match("IN=") and match("OUT="); };
log { source(s_src); filter(iptables); destination(iptables); };
It is also worth adding "and not filter(iptables)" to filter f_kern and filter f_messages, so that messages matched by the iptables filter are excluded from them. The filters will then look like this:
cat /etc/syslog-ng/syslog-ng.conf
...
filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news) and not filter(iptables); };
filter f_kern { facility(kern) and not filter(f_debug) and not filter(iptables); };
...
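
The "Error resolving reference" failure shown above can be caught before a restart by cross-checking object names across the main file and everything under conf.d. The Python below is an added example, not part of the original post or of syslog-ng itself; it is a regex-based pre-check that covers only source, filter and destination objects, and the s_src and f_debug definitions in its constructed sample are assumptions.

```python
import re

# Named objects that log paths and filters can reference.
DEF_RE = re.compile(r'\b(source|destination|filter)\s+([\w.-]+)\s*\{')
REF_RE = re.compile(r'\b(source|destination|filter)\s*\(\s*([\w.-]+)\s*\)')

def _clean(text):
    """Blank out quoted strings, then '#' comments; line breaks are kept."""
    text = re.sub(r'"(?:\\.|[^"\\\n])*"|\'[^\'\n]*\'', '""', text)
    return re.sub(r'#[^\n]*', '', text)

def unresolved_references(files):
    """files maps path -> config text; returns [(path, line, type, name)]."""
    cleaned = {path: _clean(text) for path, text in files.items()}
    defined = set()
    for text in cleaned.values():
        defined.update(DEF_RE.findall(text))   # names may live in any file
    problems = []
    for path, text in cleaned.items():
        for m in REF_RE.finditer(text):
            if (m.group(1), m.group(2)) not in defined:
                line = text.count("\n", 0, m.start()) + 1
                problems.append((path, line, m.group(1), m.group(2)))
    return problems

# Constructed sample: a minimal main file (assumed definitions of s_src and
# f_debug) plus the broken conf.d/iptables.conf from the article.
MAIN = "/etc/syslog-ng/syslog-ng.conf"
IPTABLES = "/etc/syslog-ng/conf.d/iptables.conf"
SAMPLE = {
    MAIN:
        'source s_src { system(); internal(); };\n'
        'filter f_debug { level(debug); };\n'
        'filter f_kern { facility(kern) and not filter(f_debug)'
        ' and not filter(iptables); };\n',
    IPTABLES:
        'destination iptables { file("/var/log/iptables.log"'
        ' owner("user") group("adm") perm(0644)); };\n'
        'filter iptables { facility(kern) and match("IN=")'
        ' and match("OUT="); };\n'
        'log { source(_src); filter(iptables); destination(iptables); };\n',
}

if __name__ == "__main__":
    for path, line, kind, name in unresolved_references(SAMPLE):
        print(f"{path}:{line}: {kind}({name}) is not defined in any file")
```

On the sample it reports source(_src) at line 3 of iptables.conf, the same location syslog-ng printed.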